Vulnerability Name: CVE-2005-2963 (CCN-22520)
Assigned: 2005-10-05
Published: 2005-10-05
Updated: 2017-07-11
Summary: The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security restrictions.
CVSS v3 Severity: 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVSS v2 Severity: 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Vulnerability Type: CWE-Other
Vulnerability Consequences: Bypass Security
References:
  Source: CCN Type: Full-Disclosure Mailing List, Wed Oct 05 2005 - 04:23:52 CDT New mod-auth-shadow packages fix authentication bypass
  Source: MISC Type: UNKNOWN http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=323789
  Source: MITRE Type: CNA CVE-2005-2963
  Source: MANDRIVA Type: UNKNOWN MDKSA-2005:200
  Source: CCN Type: SA17060 Apache mod_auth_shadow Module "require group" Incorrect Authentication
  Source: SECUNIA Type: Patch, Vendor Advisory 17060
  Source: SECUNIA Type: UNKNOWN 17067
  Source: SECUNIA Type: UNKNOWN 17348
  Source: DEBIAN Type: Patch, Vendor Advisory DSA-844
  Source: DEBIAN Type: DSA-844 mod-auth-shadow -- programming error
  Source: OSVDB Type: UNKNOWN 19863
  Source: CCN Type: OSVDB ID: 19863 mod_auth_shadow for Apache HTTP Server require group Authentication Bypass
  Source: BID Type: UNKNOWN 15224
  Source: CCN Type: BID-15224 Apache Mod_Auth_Shadow Authentication Bypass Vulnerability
  Source: XF Type: UNKNOWN modauthshadow-require-group-bypass-security(22520)
Vulnerable Configuration: Configuration 1: Denotes that component is vulnerable